
Serious flaw on OS X

December 4, 2008 in Security by Vincent King

Published: 2006-02-21, Last Updated: 2006-02-21 22:15:27 UTC     -     by Kyle Haugsness (Version: 3)

… a serious vulnerability has been found in Apple Safari on OS X.  “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.”  This could be really bad.  Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

The problem is due to a feature that is activated by default: Open Safe Files after downloading.  A zip file is considered safe and so it will be opened automatically.  Subsequently, a shell script with no #! at the beginning of the script will be executed automatically.  No user interaction!
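
As a defensive illustration of the point above (an added example, not code from the original post or from Apple), the following Python sketch inspects a downloaded zip without extracting it and reports members whose leading bytes contradict a "safe" extension, including plain text with no #! line. The extension list, the function names and the sample archive are assumptions constructed for this example.

```python
import io
import os
import zipfile

# Leading magic bytes of formats a browser is likely to treat as "safe".
# The extension list is an assumption for this example, not Safari's own list.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def audit_zip(data: bytes, sniff: int = 512):
    """Return (member, reason) for members whose bytes contradict their extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if info.is_dir() or ext not in MAGIC:
                continue
            with zf.open(info) as fh:
                head = fh.read(sniff)  # bounded read: never inflate the whole member
            if not head or head.startswith(MAGIC[ext]):
                continue
            if all(b in TEXT_BYTES for b in head):
                kind = "script with shebang" if head.startswith(b"#!") else "plain text without #!"
            else:
                kind = "unrecognised binary"
            findings.append((info.filename, f"{kind} behind {ext}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: one mismatched member, one genuine PNG header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", "echo constructed-sample\n")
        zf.writestr("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("readme.txt", "not a media extension, ignored\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(build_sample()):
        print(f"{name}: {reason}")
```

The check looks only at content, so it complements rather than replaces turning off automatic opening of downloaded files.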




Manage Money

November 26, 2008 in Business, Checklist, Employment by Vincent King

This entry is part 1 of 1 in the series Cash Flow

Recommended:

Money savings expert




Setup Cash Flow

November 16, 2008 in Business, Checklist by Vincent King

This entry is part 5 of 6 in the series Entrepreneur


